DETAILED ACTION

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e)
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to
37 CFR 1.114. Applicant's submission filed on 2/25/2010 has been entered.

Response to Amendment 
Claims 1-14 are cancelled. Applicant's arguments/amendments with respect to pending 
claims 15-28 filed 2/25/2010 have been fully considered and therefore the claims are rejected 
under new grounds. 

Information Disclosure Statement 

Although the information disclosure statement (IDS) submitted on 5/22/2009 was filed 
after the mailing date of the non-final office action on 4/1/2009 was in compliance with the 
provisions of 37 CFR 1.97, Examiner would like to note that Applicants also filed an NPL
document entitled "Decision of a Patent Grant" that was not cited in the IDS and thus not 
considered. If Applicants would like for that NPL document to be considered, Applicants are 
asked to include it in an IDS. 
Claim Objections

Claim 15 is objected to because of the following informalities: in line 16, the claim as
amended states "... to update the protection request information to exclude from restriction
packets not included in the attack, based on a report transmitted from the restricting device,"
where it seems that the term "from" should be removed. Appropriate correction is required.

Also, in claims 15, 21, and 25, Applicants added the following limitations "an updated 
protection request information excluding from restriction packets not included in the attack..." In 
determining whether or not this language was supported by the Specification, Examiner would 
like to point out paragraphs 13 and 15 of the Specification which uses the word "remove" in 
reference to getting rid of the restrictions put on the packets. Examiner suggests clarifying the 
language by replacing "excluding" with "removing" in order to remain consistent with the 
terminology presented in the Specification. 



Claim Rejections - 35 USC § 101 

I. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

II. Claims 25-28 are rejected under 35 U.S.C. 101 because the claimed invention is directed
to non-statutory subject matter, as they do not fall under any of the statutory classes of
inventions. These claims are directed towards computer-readable medium which is not limited 
to falling under the statutory classes of invention set forth. These claims in using the term 
"computer readable medium" allows for the computer readable medium to be interpreted as 
signals, thus non-statutory. Based on current USPTO Policy, when the computer readable
medium is not specifically defined as non-transitory in the Specification the broadest reasonable 
interpretation is used according to MPEP 2111, thus the computer readable medium may embody 
signals, i.e. transitory media. Examiner suggests that Applicants amend the claims to add a 
limitation to direct the language of the 'computer readable medium' claims to only include the 
non-transitory embodiment which would remove the possibility of claiming signals. 



Claim Rejections - 35 USC §103 

III. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

IV. Claims 15-28 are rejected under 35 U.S.C. 103(a) as being unpatentable over Talpade et 
al, US Pub. No. 2004/0148520, and further in view of Mollenkopf, US Patent No. 6,980,090 and 
Sonnenberg, US Patent No. 7,076,650. 

As per claims 15, 21, and 25: 

Talpade et al. substantially teach a system/method/computer readable recording medium 
for protecting a communication device against a denial-of-service attack, comprising: a 
monitoring device provided on a local area network including the communication device, the 
monitoring device being configured to monitor a packet transmitted to the communication device 
via an internet-service-provider network (par. 17, lines 1-19 and par. 20); and a restricting device 
provided on the internet-service-provider network, the restricting device being configured to
restrict a packet to the local area network (par. 17, lines 23-37), wherein the monitoring device 
includes an attack detecting unit configured to detect an attack by the packet on the 
communication device (par. 17, lines 1-12), and a protection-request-information transmitting 
unit configured to transmit protection request information indicating a request for protection 
against the attack (par. 17, lines 10-19 and par. 22); and the restricting device includes a packet 
restricting unit configured to restrict a packet transmitted to the communication device via the 
internet-service-provider network based on the protection request information (par. 17, lines 23- 
37 and par. 24). Furthermore, Talpade et al. teach that all traffic determined to be non-DDOS
traffic is routed back onto the ISP network (par. 33). 

Not explicitly disclosed is the protection-request-information transmitting unit being 
configured to update the protection request information to exclude from restricting packets if not 
included in the attack, based on a report transmitted from the restricting device. However, 
Mollenkopf teaches that until the source of a packet is trusted, the packet is restricted on the 
network and once the packet becomes trusted (i.e. once it is not an attack), the restrictions are 
removed by sending a message to the server (col. 25, lines 23-40). Therefore, it would have 
been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Talpade et al. to remove the restrictions from packets that were put in the category 
of being non-DDOS traffic based on the update message. This modification would have been 
obvious because a person having ordinary skill in the art, at the time the invention was made, 
would have been motivated to do so since Mollenkopf suggests that once the source of a packet 
is trusted, it allows for the packet to be processed without restrictions by allowing it to
communicate through the communication line to all parts of the Internet in col. 25, lines 33-40. 

Also not explicitly disclosed is wherein the protection request information includes a 
certificate authenticating the monitoring device. However, Sonnenberg teaches that a firewall 
and other nodes which assist with packet scanning perform mutual authentication using 
certificates in order to establish trust amongst these monitoring devices (col. 8, lines 55-63). 
Therefore, it would have been obvious to a person in the art at the time the invention was made 
to modify the method disclosed in Talpade et al. to include support for certificates which may be 
used in authenticating monitoring devices. This modification would have been obvious because 
a person having ordinary skill in the art, at the time the invention was made, would have been 
motivated to do so since Sonnenberg suggests that it's important to establish a level of trust 
between the monitoring node and other nodes and that this trust may be established through an 
authentication procedure employing certificates in col. 8, lines 55-63. 
As per claims 16, 22, and 26: 

Talpade et al, Mollenkopf, and Sonnenberg substantially teach the 
system/method/computer readable recording medium according to claims 15, 21, and 25. 
Furthermore, Talpade et al. teach wherein the monitoring device further includes a signature 
generating unit configured to generate a signature indicating a feature of a packet that attacks the 
communication device, the protection-request-information transmitting unit transmits the 
protection request information including the signature to the restricting device, and the packet 
restricting unit restricts a packet corresponding to the signature (par. 26). 
As per claims 17, 23, and 27: 
Talpade et al, Mollenkopf, and Sonnenberg substantially teach the
system/method/computer readable recording medium according to claims 16, 22, and 26. 
Furthermore, Talpade et al. teach wherein the restricting device further includes a signature 
determining unit configured to determine whether the protection request information including 
the signature is appropriate, and the packet restricting unit restricts a packet corresponding to a 
signature that is determined to be appropriate, and does not restrict a packet corresponding to a 
signature that is determined to be inappropriate (par. 20). Not explicitly disclosed is where the 
signature is based on the certificate. However, Sonnenberg teaches the use of certificates in an 
authentication procedure, where it is extremely well known for certificates to incorporate 
features (such as a public key) to enable the use of determining if a signature is authentic (col. 
10, lines 29-49). Therefore, it would have been obvious to a person in the art at the time the 
invention was made to modify the method disclosed in Talpade et al. to determine if the 
protection request which contains a signature is appropriate based on the certificate. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so since Sonnenberg suggests 
that it's important to establish a level of trust between the monitoring node and other nodes and 
that this trust may be established through an authentication procedure employing certificates in 
col. 8, lines 55-63. 
As per claims 18, 24, and 28: 

Talpade et al, Mollenkopf, and Sonnenberg substantially teach the 
system/method/computer readable recording medium according to claims 16, 22, and 26. 
Furthermore, Talpade et al. teach wherein the restricting device further includes a report 
generating unit configured to generate a report including a feature and an amount of packets
corresponding to the signature, and a report transmitting unit configured to transmit the report to 
the monitoring device (par. 20 and par. 22), the signature generating unit generates a new 
signature based on the report, the protection-request-information transmitting unit transmits the 
protection request information including the new signature to the restricting device (par. 26), and 
the packet restricting unit restricts a packet corresponding to the new signature (par. 26 and par. 
34). 

As per claim 19: 

Talpade et al, Mollenkopf, and Sonnenberg substantially teach the system according to
claim 18. Furthermore, Talpade et al. teach wherein the restricting device further includes a 
forwarding unit configured to forward the protection request information to other restricting 
devices provided on the internet-service-provider network (par. 27), the forwarding unit being 
configured to determine whether to forward the protection request information based on the 
report generated by the report generating unit. 
As per claim 20: 

Talpade et al, Mollenkopf, and Sonnenberg substantially teach the system according to 
claim 17. Furthermore, Talpade et al. teach wherein the restricting device further includes a 
determination-result transmitting unit configured to transmit a determination result of the 
signature determining unit to the monitoring device, the signature generating unit of the 
monitoring device generating a new signature indicating the feature of the packet that attacks the 
communication device when the determination result indicates that the signature is inappropriate 
(par. 34). 
invention has been claimed.



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Nadia Khoshnoodi/ 
Examiner, Art Unit 2437 
3/18/2010 

NK 

/Emmanuel L. Moise/ 

Supervisory Patent Examiner, Art Unit 2437 



